NSA chief seeks compromise on encrypted phone snooping

February 23, 2015
http://phys.org/news/2015-02-nsa-chief-compromise-encrypted-snooping.html
In Washington, Monday February 23, the National Security Agency chief proposed that a compromise can be made when it comes to access encrypted devices. National Security Agency Director Admiral Mike Rogers, stated that he does not believe Americans should be divided on the issue of encryption. Rogers said that in the fight against terrorism, the concerns are the same as in law enforcement, and endorsed the view expressed by FBI director James Comey on gaining access to encrypted mobile devices. Rogers’ stated that “We fully comply with the law…we do that foreign intelligence mission operating within (a legal) framework.” The point of the conference was to bring awareness to the NSA’s belief that there should be a common ground with the tech sector on the issue, instead of a nothing or everything.

Alleged Hacker belonging to the hacking crew Lizard Squad run a DNS hajacking attack against the Google Vietnam domain.

February 24,2015
http://securityaffairs.co/wordpress/34058/cyber-crime/lizard-squad-dns-hijacking-google-vietnam.html
Users who accessed the Google Vietnam website were presented with a picture of a man taking a selfie, along with a message that claimed the site was hacked by Lizard Squad. The hackers also took the opportunity to advertise their Lizard Stresser DDoS service. Although Google Vietnam wasn’t actually hacked, the attackers directed the visitors to a defacement page through DNS hacking. The attackers managed to redirect users by changing the Google name-servers to CloudFlare. Experts believe this was either done to confuse network analysts and legacy tools, or the attackers simply didn’t care what type of IP address they were using as long as they achieved their goals. The name-server records were restored roughly two hours after the attackers had changed them.

Gemalto presents the findings of its investigations into the alleged hacking of SIM card encryption keys by Britain’s Government Communications Headquarters  and the U.S. National Security Agency

February 25,2015
http://www.gemalto.com/press/Pages/Gemalto-presents-the-findings-of-its-investigations-into-the-alleged-hacking-of-SIM-card-encryption-keys.aspx
On February 25,2015 the European SIM maker of Gemalto said they have investigated the past records of attempts of attacks. The website made the allegations on the theft of the keys — which encrypt and decrypt data — based on a document leaked by former NSA contractor Edward Snowden. But the company denied that these attacks resulted in a large-scale theft of encryption keys. The company said the aim of the operation was to intercept the encryption keys as they were exchanged between mobile operators and suppliers.

Most popular apps vulnerable to hacking: McAfee

February 24,2015
http://timesofindia.indiatimes.com/tech/tech-news/Most-popular-apps-vulnerable-to-hacking-McAfee/articleshow/46357311.cms

Intel Security’s McAfee Labs is reporting that the vast majority of the most popular mobile apps found to be vulnerable to man-in-the-middle attacks in research performed last year remain exposed to attacks. According to McAfee Labs, nearly three-quarters of the 25 most downloaded apps on CERT’s list are still unpatched. Although the researchers did not find evidence that these apps had been exploited, the number of downloads for the apps ranges into the hundreds of millions. The latest findings were included in the McAfee Labs Threat Report of February 2015, which also revealed that mobile malware samples jumped 14 percent during the final quarter of 2014. At least eight percent of all McAfee-monitored mobile systems reported an infection in the fourth quarter of last year.

Old Vulnerabilities Still Popular Targets for Hackers: HP

February 23,2015
http://www.securityweek.com/hp-cyber-security-report-reveals-old-vulnerabilities-still-popular-targets

Vulnerabilities in older code is continuously becoming a big risk for hacking, according to the HP report. Hackers have used older methods and codes from years ago, even decades ago. The most targeted 2014 CVE was CVE-2014-0322, a vulnerability in Microsoft Internet Explorer, leaving corporations exposed.